{"id":2456,"date":"2017-10-09T18:40:18","date_gmt":"2017-10-09T18:40:18","guid":{"rendered":"https:\/\/tst-amo.pp.ua\/blog\/?p=2456"},"modified":"2018-06-06T08:55:05","modified_gmt":"2018-06-06T08:55:05","slug":"fail2ban","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=2456","title":{"rendered":"Fail2ban"},"content":{"rendered":"

\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043d\u0430\u0447\u0430\u043b\u0438 \u043d\u0430\u043f\u0440\u044f\u0433\u0430\u0442\u044c \u0431\u0440\u0443\u0442\u043e\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043e\u0440\u0442\u043e\u0432.<\/p>\n

cd \/usr\/ports\/security\/py-fail2ban\/\r\nmake install clean<\/pre>\n
\u0412 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0443 \u043c\u0435\u043d\u044f \u0432\u044b\u0432\u0430\u043b\u0438\u043b\u0430\u0441\u044c \u043e\u0448\u0438\u0431\u043a\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441\u00a0py27-setuptools, \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0430\u043a\u0430\u044f<\/p>\n
===>  Installing for py27-setuptools-32.1.0_1\r\n===>  Checking if py27-setuptools already installed\r\n===>   Registering installation for py27-setuptools-32.1.0_1 as automatic\r\nInstalling py27-setuptools-32.1.0_1...\r\npkg-static: py27-setuptools-32.1.0_1 conflicts with py27-setuptools27-32.1.0 (installs files into the same place).  Problematic file: \/usr\/local\/lib\/python2.7\/site-packages\/easy-install.pth.dist\r\n*** Error code 70\r\nStop.\r\nmake: stopped in \/usr\/ports\/devel\/py27-setuptools<\/pre>\n
\u0420\u0435\u0448\u0435\u043d\u0438\u0435<\/p>\n
pkg set -n py27-setuptools27:py27-setuptools\r\npkg set -o devel\/py-setuptools27:devel\/py27-setuptools<\/pre>\n
\u0414\u0430\u043b\u0435\u0435<\/p>\n
echo 'fail2ban_enable=<\/code>\"YES\"<\/code>' >> \/etc\/rc.conf<\/pre>\n
\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c<\/p>\n
cd \/usr\/local\/etc\/fail2ban\r\ncp jail.conf jail.local<\/pre>\n
– \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u043d\u0435 \u043f\u043e\u0442\u0435\u0440\u043b\u0438\u0441\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0438.<\/p>\n
cat \/jail.local\r\n[DEFAULT]\r\nignoreip = 127.0.0.1 192.168.1.12\r\n# \u0432\u0440\u0435\u043c\u044f \u0431\u0430\u043d\u0430 \u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445 (\u043e\u0442\u0440\u0438\u0446\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0447\u0438\u0441\u043b\u043e - \u043d\u0430\u0432\u0441\u0435\u0433\u0434\u0430)\r\nbantime = -600\r\n\r\n# \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438,\u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u0435 \u0443\u0441\u043f\u0435\u0435\u0442 \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u0441\u044f\r\nfindtime = 900\r\n\r\n# \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u0447\u0438\u0441\u043b\u043e \u043f\u0440\u0430\u0432\u043e\u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0439\r\nmaxretry = 2\r\n\r\n# \u043c\u0435\u0442\u043e\u0434 \u043f\u0430\u0440\u0441\u0438\u043d\u0433\u0430 \u043b\u043e\u0433\u043e\u0432\r\nbackend = auto\r\nusedns= no\r\n\r\n[ssh-ipfw]\r\nenabled = true\r\nfilter = bsd-sshd\r\naction = bsd-ipfw[table \u201c\u201d not found \/]
\n\r\nsendmail[name=ssh, dest=svm@tst-amo.pp.ua]\r\nlogpath = \/var\/log\/auth.log<\/pre>\n
\u0412 ipfw \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u0430\u0431\u043b\u0438\u0446\u044b 3, 4, 5<\/p>\n
#fail2ban table\r\n add 2 deny log all from table(3) to me\r\n add 2 deny log all from me to table(3)<\/pre>\n
\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c<\/p>\n
\/etc\/rc.d\/ipfw restart\r\nservice fail2ban restart<\/pre>\n
\u0414\u0435\u043b\u0430\u0435\u043c<\/p>\n
tail -f \/var\/log\/fail2ban.log<\/pre>\n
\u0438 \u043f\u0440\u043e\u0431\u0443\u0435\u043c \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e \u0437\u0430\u043b\u043e\u0433\u0438\u043d\u0438\u0442\u0441\u044f.<\/p>\n
\u0417\u0430\u0449\u0438\u0449\u0430\u0435\u043c Postfix<\/h4>\n
\u0412 \/usr\/local\/etc\/fail2ban\/jail.local \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n
[postfix-sasl-ipfw]\r\nenabled = true\r\nfilter = postfix-sasl\r\naction = bsd-ipfw[table \u201c\u201d not found \/]
\n\r\nlogpath = \/var\/log\/maillog\r\nbantime = 604800\r\nfindtime = 3600\r\nmaxretry = 3\r\nignoreip = 127.0.0.1 192.168.1.0\/24\r\nbackend = auto<\/pre>\n
[postfix-ipfw]\r\nenabled = true\r\nfilter = postfix\r\naction = bsd-ipfw[table \u201c\u201d not found \/]
\n\r\nlogpath = \/var\/log\/maillog\r\nbantime = 604800\r\nfindtime = 3600\r\nmaxretry = 3\r\nignoreip = 127.0.0.1 192.168.1.0\/24\r\nbackend = auto<\/pre>\n
\u0412 \/usr\/local\/etc\/fail2ban\/filter.d\/postfix-sasl.local \u043f\u0440\u0430\u0432\u0438\u043c \u0434\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f<\/p>\n
[INCLUDES]\r\nbefore = common.conf\r\n\r\n[Definition]\r\n_daemon = postfix(-\\w+)?\/(submission\/)?smtp(d|s)\r\nfailregex = ^%(__prefix_line)swarning: [-._\\w]+\\[<HOST>\\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+\/:]*={0,2})?\\s*$\r\nignoreregex =<\/pre>\n
\u0417\u0430\u0449\u0438\u0449\u0430\u0435\u043c Dovecot<\/h4>\n
[dovecot-ipfw]\r\nenabled = true\r\nfilter = dovecot\r\naction = bsd-ipfw\r\n# mail-whois[name=Dovecot, dest=svm@tst-amo.pp.ua]\r\nlogpath = \/var\/log\/dovecot.log\r\nmaxretry = 3\r\nbantime = 3600\r\nfindtime = 600\r\nignoreip = 127.0.0.1 192.168.1.47\r\nbackend = auto<\/pre>\n
\u0417\u0430\u0449\u0438\u0449\u0430\u0435\u043c Roundcube<\/h4>\n
\u0412 \/usr\/local\/etc\/fail2ban\/jail.local \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n
[roundcube-ipfw]\r\nenabled = true\r\nfilter = roundcube-auth\r\naction = bsd-ipfw[table \u201c\u201d not found \/]
\n\r\nport = http,https\r\nbantime = 240\r\nfindtime = 3600\r\nmaxretry = 3\r\nlogpath = \/usr\/local\/www\/roundcube\/logs\/errors\r\nignoreip = 127.0.0.1 192.168.1.0.24\r\nbackend = auto<\/pre>\n
\u0424\u0438\u043b\u044c\u0442\u0440 \/usr\/local\/etc\/fail2ban\/filter.d\/roundcube-auth.local \u043f\u043e\u0434\u043e\u0448\u0435\u043b \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u044b\u0439.<\/p>\n
\u0417\u0430\u0449\u0438\u0449\u0430\u0435\u043c ProFTPd<\/h4>\n
[proftpd-ipfw]\r\nenabled = true\r\nfilter = proftpd\r\naction = bsd-ipfw[table \u201c\u201d not found \/]
\n\r\nport = ftp,ftps,sftp\r\nbantime = 240\r\nfindtime = 3600\r\nmaxretry = 3\r\nlogpath = \/var\/log\/proftpd\/proftpd.log\r\nignoreip = 127.0.0.1 192.168.1.47 194.44.219.161\r\nbackend = auto<\/pre>\n
\u041f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b:<\/h4>\n
\u0420\u0435\u0441\u0442\u0430\u0440\u0442<\/p>\n
# service fail2ban restart<\/pre>\n
\u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u0430\u0432\u0438\u043b:<\/p>\n
\n
# fail2ban-client status<\/pre>\n<\/div>\n
\u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0443\u00a0\u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432:<\/p>\n
\n
# fail2ban-client status <\u0438\u043c\u044f \u043f\u0440\u0430\u0432\u0438\u043b\u0430><\/pre>\n
\u0414\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c:<\/p>\n
\n
fail2ban-client set <\u0438\u043c\u044f \u043f\u0440\u0430\u0432\u0438\u043b\u0430> unbanip <IP-\u0430\u0434\u0440\u0435\u0441><\/pre>\n
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440:<\/p>\n
fail2ban-client set ssh\u00a0unbanip 5.234.11.168\r\n<\/pre>\n
https:\/\/www.dmosk.ru\/instruktions.php?object=fail2ban<\/p>\n<\/div>\n<\/div>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043d\u0430\u0447\u0430\u043b\u0438 \u043d\u0430\u043f\u0440\u044f\u0433\u0430\u0442\u044c \u0431\u0440\u0443\u0442\u043e\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043e\u0440\u0442\u043e\u0432. cd \/usr\/ports\/security\/py-fail2ban\/ make install clean \u0412 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0443 \u043c\u0435\u043d\u044f \u0432\u044b\u0432\u0430\u043b\u0438\u043b\u0430\u0441\u044c \u043e\u0448\u0438\u0431\u043a\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441\u00a0py27-setuptools, \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0430\u043a\u0430\u044f ===> Installing for py27-setuptools-32.1.0_1 ===> Checking if py27-setuptools already installed ===> Registering installation for py27-setuptools-32.1.0_1 as automatic Installing py27-setuptools-32.1.0_1… pkg-static: py27-setuptools-32.1.0_1 conflicts with py27-setuptools27-32.1.0 (installs files into the same place). Problematic file: \/usr\/local\/lib\/python2.7\/site-packages\/easy-install.pth.dist …<\/p>\n
Continue reading ‘Fail2ban’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,31],"tags":[],"class_list":["post-2456","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-ssh"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2456"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2456"}],"version-history":[{"count":9,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2456\/revisions"}],"predecessor-version":[{"id":2753,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2456\/revisions\/2753"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}